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A bUateral system for authenticating remote transceiving stations through use of station identifiers (IDs), and through use of passwords 
which are used only one tmie. and thereafter exchanging messages through use of an encrytion key which kSed after e^^^^^ 
connection Upon authenUcation. each of the stations independently creates a secret session encryption key in resjo^fto throth^staS 
I unique station identifier that is exchanged over a communication link in cleaitext. The station id^tifiers a^ us^Tt^^ to^^^^ 
static secret and a unique dyrmm c secret which are known only by the two stations, but which are not exchanged ov!r Se comm^^^^ 
hnk. THe secrets are independent y combined by a bit-shuffle algorithm, the result of which is applied to a secure hTshmnct^^^^ 
! a niessage digest. Tlie secret session encryption key, a one-time passwoid for the originating station, a ont^time passwo™tL r^^^^^^^ 
stauon and a pseudo»random change value for updating the dynamic secret are derived from the message digest. Hie dynamic^creu! 
upda ed by the pseudo-random change value and a prime constant after each system connection, thus causing the message digest to be 
updated upon the occurrence of a new system connection. Further, the system IDs also may be altered by a component of till message 
digest upon tiie occurrence of a new system connection to provide an additional protection against playback impersonation. 
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RELATED APPLICATIONS 

Copending applications filed on the same date and having same inventors are "Bilateral 
Authentication And Information Encryption Token System And Method", Serial No 

. ; "File Encryption Method And System", Serial No. • and "Secure 

Deterministic Encryption Key Generator System And Method". Serial No. _J 

BACKGROUND OF THE INVENTION 

When sensitive infonnation is to be exchanged between transceiving stations 
the originatmg station will be concerned that the information can be intercepted by an 
intentional act of an unauthorized party as the information travels over.a communication medium 
between the stations, or that the message may inadvertently be received by an unauthorized 
receiving station. 

Similar concerns arise when a party at a computer system located at a first station 
requests access to sensitive data files stored in a computer system located at a second station In 
order to protect the files firom unauthorized disclosure, the second station will be concerned ' 
whether the requesting party is authorized to access the files, and if authorized whether the 
information may be copied by a third party during transmission between stations. 

The most widely accepted method of information protection over networks is the use of 
encryption, where the sending and receiving parties must share an encryption key to encrypt and 
decrypt the information being exchanged. In such systems, authentication is typically performed 
through cleartext exchanges, and the encryption keys that are used are changed infrequently as 
pcrson-to-person exchanges are the only means to ensure that the encryption key can be shared 
30 without risking public exposure. As a result, valuable information and time are made available 
to an attacker who desires to discover the encryption key and gain access to all encrv-pted 
information which is exchanged over the networks. 

Prior authentication and encryption systems are disclosed in U.S. Patent Nos 5 060 263- 
35 .*),065.429; 5,068,894; 5,153,919; 5,355.413; 5,361.062; 5. 474.758; and 5,495.533. U.S. Patent' 
No. 5,060,263 employs a reversible encryption algorithm, conducts all exchanges between the 
host and client in cleartext. and provides only unilateral authentication. U.S. Patent No. 5, 
065.429 provides only unilateral authentication, and stores its encryption keys on the storage 
medium where they would be accessible to any attacker reading the medium. U.S. Patent No. 
40 5,068,894 employs a reversible encryption algorithm which is never changed, and makes both 
cleartext challenges and encrypted responses available to an attacker. U.S. Patent No. 5, 1 53,9 1 9 
provides useful cleartext information for an attacker in exchanges between stations, uses weak 
encryption algorithms to avoid latency problems, and does not provide for secure activation of 
the token as anyone who possesses it may use it. U.S. Patent No. 5,355,413 encrypts a random 
45 challenge, but does not encrypt information exchanged between host and client U.S. Patent No. 
5,36 1 .062 exchanges information between host and client in cleartext, uses a reversible 
encryption algorithm, provides only unilateral authentication, triggers encryption iterations as a 
function of time which contributes to computer overhead and system latency, and requires a 
resynchronization protocol to keep token and host in sync. U.S. Patent No. 5,474,758 provides 
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only unilateral authentication, and depends upon the users ability to hide the storage of its 
certificate of authenticity. U.S. Patent No. 5,495.533 provides only unilateral authentication 
incurs a high network overhead contributing to latency, and depends upon a key direclory which 
IS susceptible to attacker intrusions. 

5 

Additional prior authentication systems are disclosed in U.S. Patent Nos 5 233 655- 
5,367.572: 5,421,006; and 5,481,611. U.S. Patent No. 5,233,655 provides only unilateral 
authentication, and does not provide any encryption of information that is being exchanged. U.S. 
Patent No. 5,367,572 provides only unilateral authentication, requires a resynchronization 
1 0 protocol to keep the host and client in sync, and transmits all information exchanges in cleartext. 
U.S. Patent No. 5.421,006 provides only unilateral authentication, and operates in a windowed 
environment which contributes substantially to CPU overhead and thus system latency U S 
Patent No. 5.48 1 ,6 1 1 provides only unilateral authentication, and conducts all information 
exchanges in cleartext. U.S. Patent No. 5.309,5 16 requires that a key directory be stored. 

None of the above prior art references disclose the use of dual many-to-few bit-mapping 
m generating a deterministic, non-predictable, and symmetric encryption key as used in the 
present invention. 

2^ addition to the above disclosures, the use of secure hash algorithms (SHA) is 

disclosed in FIPS Pub. 180-1. Secure Hash Standard (1995 April 17); and token system security 
requirements are described in FIPS Pub. 140-1, Security Requirements For Cryptographic 
Modules (1994 January 11). jr e> t- 

2^ T''® present invention provides a combination of authentication and encryption in which 

parameters including system passwords, encryption keys, and change values that are used to alter 
a dynamic secret to produce new, pseudo-random system passwords and encryption keys, are 
used during only a single system connection before being replaced with new parameters having 
no known relationship with their previous counterparts, and both the originating system and the 
answering system in a network exchange independently generated passwords through use of an 
encryption key generator which employs bit-shuffling, many-to-few bit-mapping and secure hash 
processing to produce such parameters in a manner which is highly resistant to any attempt to 
discover the secret inputs to the encryption key generator through cryptographic analysis or brute 
torce trial-and-error attacks. Further, the handshake protocol between the originating system and 
the answering system requires that only system identifiers be exchanged over a network in 
cleartext, and protects the encryption key generator, the system passwords, the encryption key. 
and the change value from public exposure. In addition, system IDs may be altered upon the 
completion of a system connection, or by request of one system to the other, to provide a further 
protection against playback impersonation by a would-be attacker. 
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SUMMARY OF THE INVENTION 

In accordance with the present invention, one or more secrets are known by. but not 
exchanged between, the originating and answering systems. One secret is a static or constant 
secret, and the other is a dynamic secret in that it is independently changed by the originating 
and answering systems each time a system connection is completed or a new message digest is 
requested by one system to the other. More particularly, the two systems independently combine 
the static and dynamic secrets In accordance with a bit-shuffling algorithm employing a many- 
to-l"ew bit-mapping, and the result is subjected to a secure hash process which also employs a 
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'° .h„m- invention, the dynamic secret which is used as an input to the bit 

shuffling operation is updated each time that the authentication cycles fo/a svstemV° r 

t rerft"; : ^SeSr' -^^^'-^ ^^^^^'-^ ^ new^ti^t:„ir^^^^^^^ 

tncreaner is generated for a new system connection. uifccsi 

1 5 In another aspect of the invention, the authentication of originating and answering 

systems after each system connection ensures the updating of passwords aL enc " p7r^^^^^^^ 
and the synchronization of the independent processes for generating the messagHl J^^ from 
which the passwords and encryption keys are derived. message digests from 

" diffcrent'ra:\ra:o;;h:Sc1^^^^^^ '^"^ -V be 

In still another aspect of the invention, the secret session encryption kev is a 

25 iThTvTtem'cor'T'"*'''''' P^'^-'^''^'"- '^-^^^ encryptionkey whic'L is changed after 
25 »-ach system connection or upon the request of one system to the Other. 

In a further aspect of the invention, both the dynamic secret and the system IDs mav be 
altered by a message digest component after all authentication cycles for a system conneSnIre 
completed, or upon request of one system to the other, to provide added protection agains 
30 playback impersonation by would-be attackers. e ■ 

BRIEF DESCRIPTION OF THE DRAWINGS 

Additional objects, features and advantages of the present invention will become 
35 apparent from the following detailed description when read in conjunction with the 
accompanying drawings in which: 

Figure 1 is a functional block diagram of two computer systems communicating by wav 
of a communications medium; 

40 

Figure 2 is a graphic illustration of a logic process for generating message digests, and 
hence a symmetric, deterministic but non-predictable encryption key; 

Figures 3a and 3b are a logic flow diagram of the application software used by an 
45 originating computer system in accordance with the invention; and 

Figures 4a and 4b are a logic flow diagram of the application software used by an 
answering computer system in accordance with the invention. 
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DESCRIPTION OF PREFERRED EMBODIMENTS 

Preferred embodiments of the invention will now be described with reference to the 
accompanymg drawings. 

In the descriptions which follow, the terms "random", "pseudo-random", "connection" 
and "session" have the following meanings: 

"Random" means a result which is non-predictable and non-repeating. 

"Pseudo-random" means a result which is deterministic, but which appears to be random 
to an observer who has no access to or knowledge of the secrets producing the result. 

"Connection" means the establishment of a communication link between an originatinc 
1 5 system and an answering system which lasts for the duration of one or more sessions. 

"Session" means one or more exchanges of information between an originatinc system 
and an answermg system to accomplish a task. There can be several sessions during a system 
connection. In accordance with the invention, keys and passwords are automatically chanced 
after each system connection. Optionally, the key and/or passwords can be changed after each 
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session. 



Referring to Figure 1. a first computer system 10 is shown which communicates to a 
h^r? A^'^T"'*'! r'T, ' ^ ""^^ "^""^ «0""n™ication Hnk 12. The communication link may / 
re? n^^'i^^'l. ^"^f Network). WAN (Wide Area Network), VAN ( Value Added Network) 
PELCO (Telephone Company switching network), the Internet, a local intranet, or an air link 
such as a cellular phone connection or other radio frequency transceiver interface. 

. X. I j-^''*' computer system 10 includes a central processing unit (CPU) 1 with I/O interfaces 
I b leading to a keyboard processor 2 with a key matrix interface array 3. The CPU 1 further ' 
includes a processor la, a ROM Ic. and a RAM Id. ITie computer system 10 in addition is 
comprised of a display device 4, a floppy disk drive 5a, a hard disk drive 5b and a 
communication adapter 6, each of which is in electrical communication with I/O interfaces lb 
The communication adapter 6 in addition is in electrical communication with link 1 2. 

The computer system 1 1 includes a CPU 13 that is comprised of a processor 1 3a I/O 
interfaces 1 3b. a RAM 13c. and a ROM 13d. The I/O interfaces 1 3b are in electrical ' 
communication with a display device 14. a keyboard processor 15 having a key matrix interface 
array 1 6, a floppy disk drive 1 7a, a hard disk drive 17b. and a communication adapter 1 8 that is 
40 in electrical communication with link 12. 

Processor I a is used to execute the software algorithms and logic flows to perform the 
operation of the security system program. ROM Ic is necessary to get computer system 10 
booted and operating (contains the code necessary to access the boot-sector) Key array 3 and 
45 display device 4 are used to support inter-operation between the computer and user RAM I d is 
used as a scratch pad, stack, or temporary storage of the values which are used by the proaram or 
operated on by the program. Hard disk drive 5b is non-volatile memory for storing system IDs 
shared secrets, and the executable code for this program. Floppy disk drive 5a can be used as ' 
removable non-volatile memory for storing system IDs and shared secrets 
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Id by processor la when U^l™^^rin.,1^.„ J '<>. »><1 « moved to RAM 

s,s.e,n passwords tee stTrTS on ™=4SIT' "'*«-l-=<'. Further. 

e.,era.ed during an auU,enSrZ°erX°"..''SSo°ntd^" " 

information exchance the RAM \A i. ^uu - aumentication and encryption 

occrrins session ofe,ied^.f„H '"'«™"«°' g«ne„,ed during a nex. 

seen,, is'„ri,.en tillS disf*^. st"' "J"""-- 

secre, J^^^^TZiitX^?^ 1. *e sy^ IDs. static secret «.d the dynamic 
originating and answering swfon^a jtl^^ ^.^r^- the 
secret ses^on .nc,yptic:V^rL:;:d'!n"ir Cbe'S^^S^^^ 

dynamic secret l.^iS^i^^^^^r.^.T"'"' " ' 

m«sag^;r^-rr^^^^ 

In order to ensure that an exchange of information between computer system 1 0 ,nH 

ra~roVriXr^^ 

exchanged bythe computer systems in cleartext. The identifiers may be comprised oTnumerics 
and/or text. The static secret is known by each system, but is not exchanged over the 
commumcauon hnk. The static secn^t never changes unless the current vtlueTs pu" osely 
overwritten with a new value. purposely 

A dynamic secret also is shared by the two computer systems, and held in confidence 
and never transmitted over the communication link 12. The secret is dynamic in the°sense th^^^^ 
each time a bilateral authentication of the computer systems occurs, the dynam c secretT 
changed The change value that is used is a pseudo-random number. As will be expS ed in 
more detail below, the dynamic secret makes the cryptographic result of the encr^S ke ' 
generator unpredictable without knowledge of both the static secret and the dynamic secret As 
one aspect of the invention, the change value is not made part of any access requTsI or 
l'!!w!r^l'Z " ^^'^^ the computer systems. TT,us. the change value is not 

subject to discovery as a result of information communicated over the communication link P 
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U is to be understood that the static secret, the dynamic secret, the change value, and the 
session encryption key are never communicated out from the computer system in which they are 
generated and stored. 

5 Once in possession of the identifiers, the static secret and the dynamic secret, both of the 

computer systems independently commence to combine the secrets as illustrated in Figure 2. 
Referring to Figure 2, a graphic illustration of the ensuing computer process is presented with a 
plural bit static secret 20, and a plural bit dynamic secret 21, which are applied as inputs to a bit- 
shuffling generator 22. The bit-shuffling generator employs a many-to-few bit-mapping to 
10 shuffle the bits of the static and dynamic secrets. That is, the bits of the static secret and the 
dynamic secret are mixed to form a first pseudo-random result. The bit-shuffling algorithm 
continues to shuffle bits by wrapping the smaller of the inputs with the larger of the inputs until 
all bits of the larger input have been processed. 

1 5 The process performed by the generator 22 may be comprised of any mathematical or 

logic function including, by way of example and not limitation, A®B = C, where A is the static 
secret, B is the dynamic secret, and © denotes an exclusive OR logic function. The output of the 
generator 22 is a pseudo-random result which is applied as an input to a secure one-way hash 
generator 23 to produce a message digest 24. In the preferred embodiment of the invention, the 

20 hash function which is used by the generator 23 is the Secure Hash Algorithm (SHA) as defined 
in FIPS PUB 180-l(April 17, 1995). 

For purposes of the invention, the message digest 24 is divided into four sectors. The 
first sector is an originating system password 25 which is used only one time, the second sector 

25 is an answering system password 26 which also is used only one time, the third sector is a secret 
session encryption key 27, and the fourth sector is a change value 28. The contents of each of 
the sectors comprising the message digest are pseudo-random numbers, which each of the 
computer systems 10 and 1 1 have produced independently without need for synchronization. 
Thus, computer system 10 has its own one-time password 25 and knows the one-time password 

30 26 for the computer system 1 1. Further, each has the secret session encryption key 27 without 
any exchanges other than system IDs over a communication media. 

Referring to Figures 3a and 3b, the communication handshake protocol which is 
exercised by computer system 10 (originating system) is illustrated in the form of a logic flow 

35 diagram. The computer system 10 cycles through the logic flow diagram beginning with logic 
step 100. At logic step 101, the originating system retrieves the system IDs and secrets from a 
shared secrets table kept on the hard disk drive 5b. From logic step 101, flow continues to logic 
step 1 02 and an access request is sent with the originating system ID, and the IDs and shared 
secrets are written to RAM Id. The static secret and dynamic secrets are retrieved from the hard 

40 disk drive 5b of the computer system 10 by using the targeted answering computer system ID as 
a tag. 

Thereafter, the logic flow process proceeds to logic step 104 to await receipt of the 
computer system 1 1 ID. If the computer system 1 1 ID is not received within a predetermined 
45 time period, the logic flow process branches to logic step 105 where an "I/O Time Out" error 
message is generated. From logic step 105 the logic flow process continues to logic step 106 
where a failed attempt record is updated, and then proceeds to logic step 107 where the error 
message is reported to the application program and the user. 
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s,eD 1 lo'^ieTrhlr"" ^* ''^^ '°8ic flow process proceeds to logic 

rn rhi 1! T ^"'"P"^*^^ ^y^'^^m 10 issues an acknowledgment of the answering system m 
tothecomputersystem 11. TT»e static secret and dynamic secret are combined atToersten M 
Is al": r''""' °' ^-"P'^y'"* ^ many-to-few bit mapping Te bu' 

nn ^ . .""n u"*'""^^^ '° '''^ ^™PP'"8 of the inputs with the larger 

of the inputs unt.1 all b.ts of the larger input have been processed. TTie bit-shuffling alginthl 
may be any mathematical or logic function which will perform a bit-shuffle anSo^a manw^ 
few bit-mapprng on the two inputs. TTie pseudo-random result then is subjected to a s^cu^e o^e 
15 way hash operation. The secure hash operation also employs a many-to-few bU r^anntna rn 

password 26. a secret session encryption key 27. and a change value 28 are ext^act^J. ^ 

From logic step 1 1 1 . the logic flow process continues to logic step 1 1 2 where the 
20 answer system ID. the originating system password 25. the answering sytfem p^^w'rd 26 the 
secret session encryptjon key 27. and the change value 28 are written to RAM I d oHh e 
computer system 1 0. The logic flow process then proceeds to logic step 1 1 3 where the secret 
sess.on encryption key 27 is loaded into a user supplied encryption engL such as DES for 
25 sTstTm '''' '''''' --P"^- ^y^'*- > 0 and the co^p^ter 

From logic step 1 13, the logic flow process continues to logic step 1 14 where the 
encrypted answenng system password from computer system II is awaited. If the encrypted 
password .s not received within a predetermined time period, an "I/O Timed Out" error rnessa^e 
described rr't?^'' Aow process then proceeds to logic step lOsTs b'orc 

described. If the encrypted password is received before a time-out occurs, however the logic 
flow process continues from logic step 1 14 to logic step 1 1 6 where computer system 1 1 's 
encrypted password is decrypted through use of the secret session encryption key 27 and 
continues to logic step 118. If the computer system 1 1 password as decrypted does not match the 
35 answering system password 26 which was generated at logic step 1 1 1. the logic flow process 
generates a Password Failed" error message at logic step 1 19 and then continues to logic step 
1 06 as before described. If a match occurs at logic step 118, however, the logic flow process 
continues from logic step 1 18 to logic step 120. wher« the originating system password 25 is 
A. ^"TiT ^ """^ ^''^ enciyption key 27 and transmitted over the communication 

40 I ink 1 2 to computer system 1 1 . The logic flow process then proceeds to logic step 1 2 ! to await 
an answer from computer system 1 1 which indicates that the computer system access request has 
been granted. ^ 



45 



If an access granted response is not received from the computer system 1 1 before a 
predetermined time period has expired, the logic flow process branches froni logic step P 1 to 
logic step 1 22 to generate a "I/O Time Out" error message and then continues to logic step 1 06 
^.j!^^. ''^^^'■'''ed- If an access granted response is received from computer system I 1 before 
an I/O Time Out. however, the logic flow process continues from logic step 1 2 1 to logic step 1 23 
where the dynamic secret 2 1 is altered by the change value 28 and a prime constant 
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It IS to be understood that the system IDs also may be altered by the change value 28 and 
he prime constant, or by another component of the message digest, to provide an additional 
layer of protection against playback impersonations. In a playback impersonation, a would-be 
attacker could monitor the cleartext exchange of system IDs between the originating system and 
the answering system, and thereafter attempt to impersonate one of the systems by using the 
previously used information. The alteration of the system IDs after each system connection is 
completed will prevent such playback impersonaJions. 

From logic step 123, the logic How process writes the updated dynamic secret into the 
non-volatile memory of hard disk drive 5b at logic step 124. Thereafter, the logic flow process 
contmues to logic step 125 to use the current secret session encryption key to perform encrypted 
information exchanges with computer system 11 during the current session. Thereafter a 
determination is made at logic step 126 whether the current system connection has been 
1 5 completed. If not, the logic flow process determines at logic step 127 whether a new secret 
session encryption key should be generated. If so, the logic flow process proceeds from loeic 
step 1 27 to logic step 128, where the computer system 1 1 is notified that a secret session 
encryption key change is indicated. The logic flow process thereafter returns to the input of 
logic step 1 1 1 to continue as before described. If a determination is made at logic step 127 to not 
change the secret session encryption key, then the logic process proceeds to the input of IorIc 
step 1 25 to continue as before described. 

It is to be understood that a secret session encryption key may be generated upon 
request, as well as automatically after a bilateral authentication occurs. 

From either logic step 107 or logic step 126 when a connection has been completed the 
logic flow process proceeds to logic step 129 to exit the program. 

Concurrently with the above process, the answering system (computer system 1 1 ) 
independently executes the logic flow process illustrated in Figures 4a and 4b More 
particularly, the logic flow process enters at logic step 200. Upon receipt of an access request 
and system identifier from computer system 10 at logic step 201. the logic flow process 
continues to logic step 202 to execute a search of an access table stored on the hard disk drive 
1 7b to And the origmating system ID and access the corresponding static and dynamic secrets 
The originating system identifier supplied by the computer system 10 then is compared to the " 
table look-up system identifiers at logic step 203. If no match occurs, the logic flow process 
branches to logic step 204 to generate a "System Not Recognized" error message The louic 
flow process thereafter proceeds to logic step 205 of Figure 4b to record the error message on the 
hard d isk drive 1 7b. and thereafter report the eiror message to the application program and the 
40 user at logic step 206. 

I f the ID is found at logic step 203, however, the logic flow process continues to lofiic 
step 207 where the system identifier of the answering system is transmitted to the originating 
system. The logic flow process then proceeds to logic step 208 to await a response from the 
originating system indicating that the answering system identifier is acknowledged If a 
response is not received from the originating system within a predetermined time period a time- 
"wo x*^""^*^ '1:^ L°S'^ P™«« branches to logic step 209 to generate the error messace 

I/O Timed Out . From logic step 209, the logic flow process proceeds to logic step ->05 of" 
f igure 4b where the process continues as before described. 



30 



35 



45 



wo 98/47258 

PCT/US98/04408 



20 



25 



35 



40 



45 



of Fisure <b, ».hOT the o,oces»r T T ^ ">« '"8" step 210 

5 .ag ■„ find .„d '•'.•'a^Z^Z^^:^,^^^'^''?^ =i«™«"8 l» - . 

s~re.s thereafter are applied as faDmTto ? ^ """^ "ynamic 

stored on hard disk drive 7b "o > b' -*»fllmg algonthtn which is a software program 

u.e smaller Of .hei„ir,:.^-.h?r.5"^,"S;?„p'r^^^^^^ 

processed. The bit-shuffline al«nri»h«, v . '"^Ser input have been 

~«wo"rd";5Th'°"'°" • i^^2^^:^r 

From logic step 2 1 1 of Figure 4b. the logic flow process continues to loeic sten 7 1 ? 

: •^^^ '^^^^^^^ - encryption engl supp S by the 

rZ'.rf between the computer system 1 0 and the computer system 1 1 which Ll^r 

hereafter durmg this communication session are encrypted. 

The logic flow process proceeds from logic step 212 to logic step 213 where the 
answermg system password 26 is encrypted by using the encrvDtion kev 27 p^'hT • ^ 
.he originating system ,0. T^ereafterX logi; flow%";:cT.:r "g^X^^^ 
of the encrypted originating system password 25 from computer system 10. If^e encn^o ^ 
password .s not received before the expiration of a predetermined time period the Sow 
ar^T^"":?*" '°?'"*«P 214 to logic step 215 to generate the e' or rn sage ^'.^'^Tled 
c^:," inu^sTbefo;^^^^^^^^^^^ ^° -'-^ 'os' process''"" 

I f an encrypted password is received from computer system 1 0 at logic step 2 1 4 before a 
t.me-out occurs the logic flow process continues to logic step 216 where the secret se sion 

TH^eT ^h'' " '° ^'^ ^"^ °ri8'-ting system 10 

Thereafter, he password received from the originating system is compared at logic step 217 with 
the orjg.natmg system password 25 generated at logic step 210. If no match occLratTogic step 
2 1 7. the logic now process branches from logic step 217 to logic step 218 where the error 
message "Password Failed" is generated. The logic flow process then proceeds to logTs ep 205 
where the logic process continues as before described. 

1 f a match occurs at logic step 2 1 7, however, the logic flow process proceeds to louic 
step _ 1 9 to transmit an access granted signal to the originating system. Thereafter, the dynamic 
secret stored in RAM 13c is altered by the change value 28 and a prime constant al logic step 
220. From logic step 220 the logic process continues to logic step 22 1 , where the updated 
dynamic secret is written into the non-volatile memory of hard disk drive 17b. From logic step 
-2 1 the logic now process continues to logic step 222. where the secret session encryption key is 
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used to encrypt mfonnation exchanged with the computer system 10 during the current session 

c^Zt^^) TTT^"^' ^« '^y^-- connittTnTs 

complete. If not, the logic flow process determines at logic step 224 whether a new secret 

session encoTt.on key should be generated. If not. the logic flow process returns to the input of 

log.c step 222 to continue as before described. If the secret session encryption key l to be 

changed, however, the logic flow process proceeds from logic step 224 to logic step 2^5 to noiifv 

computer system 10 that a new secret session encryption key is indicated. xLreTfter t^e^oaic 

now process returns to logic step 210 to continue as before described. ^ 

From logic step 206. or from logic step 223 after a system connection has been 
completed, the logic flow process exits the program at logic step 226. 

From the above descriptions, it now should be evident that after a cleartext access 
request and exchange of system identifiers to perform a first bilateral authentication all 
exchanges between the two computer systems are thereafter in ciphertext. That is, the exchanue 
occurs only in an encrypted form. Further, while the static secret and the initial dynamic secret 
are known by each system, they are not exposed outside of the originating and answerinc 
systems. In addition, the passwords, dynamic secret, and secret session encryption key arc used 
only during a current system connection. The dynamic secret is altered by a pseudo-random 
change value and prime number after each system connection, thus causing the messaee digest 
output of the secure hash algorithm to completely change from one pseudo-random number to 
another pseudo-random number. Further, the inputs to the secure hash algorithm are bit-shuffled 
and subjected to a first many-to-few bit-mapping prior to the secure hash generation and 
subjected to a second many-to-few bit-mapping during the secure hash operation. Thus any 
likelihood of the static secret or the current dynamic secret being discovered through either 
cryptographic analysis or brute force attack is made substantially remote to impossible Further 
security enhancements by way of a second bilateral authentication occur in the exchange of 
encr/pted passwords before encrypted information is exchanged. Lastly, system IDs also may 
be altered after each system connection to provide added protection against playback 
impersonation by would-be attackers. 

The present invention has been particularly shown and described in detail with reference 
Inrto h'Tt"" f "^^'"^ """"'y illustrative of the principles of the invention and are 
not to be taken as limitations to its scope. Further, it will be readily understood by those skilled 
in the art that numerous changes and modifications may be made without departing from the 
spirit of the invention. For example, the change value resulting from the generation of a messa-e 
digest may be used to alter not only the dynamic secret, but also the system IDs. Further instead 
of using a component of the message digest as a change value, the pseudo-random input io the 
secure hash generator could be used. As another example, the message digest could be split into 
more than four components, or less than four components with the pseudo-random input to the 
secure hash generator being used to provide those components not supplied by the messaoe 
digest. In addition, the originating system and the answering system could use different 
components of the message digest as the encryption key. and thus operate in a fiill duplex mode 
requiring twice the effort to penetrate both sides of an information exchange. In yet another 
example, multiple passes of the logic flow illustrated in Figure 2 could be made to generate a 
message digest with encryption key components of ever increasing bit lengths. Still further 
separate components of the pseudo-random input to the secure hash generator could be used to 
alter the static and dynamic secrets, thus making both secrets dynamic, while a message digest 
component could be used to alter system IDs. Also, two bit shuffles could be used in the I^g'c 
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output of the second bit shuffle being uscdT^crZ^JJ^""^"'"' ^^^"^ Pseudo-random 
message digest being used to alter s^tem IDs * «»nponent of the 
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WHAT IS CLAIMED IS: 

1. A network system for secure exchange of files and data, which comprises: 

an originating system having stored therein n answering system IDs. n static secrets n 
dynamic secrets, a first many-to-few bit mapping program, a second many-to-few bit mapping 
program, and havmg means for generating a pseudo-random message digest comprised of an 
origmatmg system password, a first answering system password, a session encryption key and a 
change value by applying said first many-to-few bit mapping program and said second many-to- 
few bit mappmg program to one of said n static secrets and to one of said n dynamic secrets for 
verifymg authenticity of both an answering system ID through comparison with said n answering 
system IDs and a second answering system password through comparison with said first 
answermg system password, for generating said pseudo-random message digest and a first 
acknowledgment of verification upon verification of authenticity of said answering system ID 
lor altenng said one of said n dynamic secrets vrith said change value upon verification of 
authenticity of said second answering system password, for deciypting an encrypted answering 
system password with said session enciyption key to provide said second answering system 
password, encrypting said originating system password to generate an encrypted originating 
system password, and upon receipt of a second acknowledgment of authenticity verifying said 
origmatmg system password, encrypting an information file with said session encryption key for 
transfer over said network system during a system connection; 

communication link means in electrical communication with said originating system for 
accommodating information transfers over said network system; and 

an answering system in electrical communication with said communication link means 
and having stored therein n originating system IDs. said answering system ID, said n static 
secrets, said n dynamic secrets, said first many-to-few bit mapping program, said second manv- 
to-tcw bit mapping program, and said means for generating said pseudo-random message digest 
comprised of said originating system password, said answering system password, said session 
encryption key, and said change value, and upon verifying authenticity of said originating system 
ID transtemng said answering system ID over said communication link means to said 
originating system, and upon receiving said first acknowledgment of verification of authenticity 
of said answering system ID from said originating system over said communication link means, 
generating said pseudo-random message digest and enciypting said answering system password 
with said session encryption key to provide said encrypted answering system password over said 
communication link means to said originating system, and upon receipt of said encrypted 
originating system password from said originating system by way of said communication link 
means, decrypting said encrypted originating system password with said session encryption key 
to verify authenticity of said originating system password, and upon verification of authenticity 
of said originating system password, issuing said second acknowledgment of authenticity over 
said communication link means to said originating system. 

2. The network system of Claim 1, wherein said encryption key is a deterministic, iion- 
prcdictablc, pseudo-random and symmetric encryption key. 
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3. The network system of Claim 1. wherein said first manv t^r^^ 
an algebraic function program. many-to-few mapping program is 

4 The network system of Claim I, wherein said first many-to-few bit m,nni„ 
IS a logic function program. to-iew bit mappmg program 

5. The network system of Claim 1 . wherein said first many-to-few bit manoin„ 

IS an encryption program. mapping program 

6. The network system of CUim 1, wherein said first manv-to-few w,t rr>.^ • 
consists of plural bit shufHing programs. ^ mappmg program 

7. The network system of Claim 1. wherein said second many-to-few bit mannJnc 
program .s a secure hash algorithm (SHA) function. mappmg 

8 The network system of Claim 1, wherein said second many-to-few bit manninr. 
program is an encryption program. mapping 

1 1 - A method of providing a secure exchange of information between an orieinatin.. 
system havmg a first system ID and an answering system having a second ststeriD and eLh 

^-"^ ~« '^^^^-^ ^ -^'-^ sec^rr aXnamt ret t, 

system exc^Zil"f ' h"' ^l''*'"* ''^ originating system and said answering 

system exchangmg and verifymg said first system ID and said second system ID; 

each of said originating system and said answering system executing a bit-shuffle 
operand and a secure hash operand with plural bit-mappings to form a pseudo-random message 
digest trom said statip secret and said dynamic secret; message 

each of said originating system and said answering system extracting ar originatine 
system password, an answering system password, a deterministic and symmetric encryption key 
and a change value fi-om said message digest; v.rypiion Key, 

said originating system and said answering system respectively encrypting said 
originating system password and said answering system password with said deterministic and 
symmetric encryption key. and respectively transmitting a first encrypted password and a second 
encrypted password over said communication link; 

said answering system and said originating system respectively receiving and 
decrypting said first encrypted password and said second encrypted password with said 
deterministic and symmetric encryption key. and respectively verifying said originating system 
password and said answering system password to perform a second bilateral authentication- 
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said communicalion linkT ""d exchmsins «ncoTttd infomacio., o«.r 

system is completed; and onginaring system and said answering 

said originating system and said answering system repeating all of th*. . 
either generating a new access request to the other ™P®^^'"g ^11 of the above steps upon 

said originating system transmitting an access reauest over 

said answering system; o^^css request over said communication link to 



mapping to generate a first pseudorandom result, Penorms a first many-to-few bit 

and generate a second pseudo-random resuJt; many-to-few bit-mapping 

said originating system and said answering system independently extractln„ «n 

said originating system transmitting said originating system password ov..r 
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ones Of s»id ,„f„™„i„^ o.Tj^^^Z'^J^-' —n.^n^l^p,, 

"Pon complcion of said system comecdon. ' '"'■Wio- key arc changed 

»«.c sec'i,rd ~r::,lt,„^'^^,Sit^^'"^^ - - - "SS .o ,„o. up said 

"^^'Hory. " ongmating system memory and an answering system 
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20 



30 



35 



said sJ:. 'l^!^:^^^^ « -e. is Changed each U.e 

electncafco^::l\';o^^^^^^^ f^f" - -wenng syste. in 

excl,anged over said commSion Hn^^^^^^ '"fonn^ion files to be 

system latency, which comprises ste^, ofT ^ ^^''t^'" overhead and 

nnswering ^ ID from said originating system to said 

verifying said first system ID at said answering system; 

transmitting a second system ID from said answering system to said originating system; 
verifying said second system ID at said originating system; 
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transmitting an acknowledgment of verification of said second system ID from said 
ongmating system to said answering system; 



...r^f said originating system and said answering system independently combininR a static 
secret and a dynamic secret with a first fiinction to shuffle all bi^in said statTc s^Jet and s^=d 
dynarn.c secret, and perfom, a first many-to-few bit-mapping to produce ^ fi^st pTel" Inlm 



^^'d originating system and said answering system independently secure hashing said 
t.rst pseudo-random result with a secure hash algorithm to perfo\™ a second m^y^o-Tew bit^ 
mappmg to produce a second pseudo-random result; ^ 

said originating system and said answering system independently extracting an 
ong,„at.ng system password, an answering system password, a secret session encryption key 
15 and a change value from said second pseudo-random result; ncrypuon key, 

encrypting said answering system password with said secret session encryption key by 
•sa.d answenng system to generate a first encrypted password; ^ 



transmittmg said first encrypted password from said answering system to said 
originatmg system; 



decrypting and verifying said first encrypted password by said originatin 



g system; 



H ■ ^."''7^*'"^ said originating system password with said secret session encryption key by 
sa.d ong.natmg system to generate a second encrypted password; ^ ^ 

answerin'esy^i^; ^ '"''^"'^ '^''^ °"g'n'»«"8 system to said 



decrypting and verifying said second encrypted password by said answering system; 

said originating system and said answering system independently altering said dynam ic 
secret wUh sa.d change value and a prime constant to produce a second dynamic secret; 

said originating system and said answering system each replacing said dynamic secret 
with said second dynamic secret; j'"-imc sccrei 



said originating system and said answering system each using said secret session 
encryption key to encrypt said information files and thereby form encrypted files; 



files; and 



said originating system and said answering system thereafter exchanging said encrypted 



"PO" completion ofall sessions occurring during a current system connection said 
originating system and said answering system independently repeating all above steps upon 
ether generating a new access request to the other. 
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A A ^ ' • method of Claim 20. wherein said finrt svstem in 
sa.d dynamic secret are altered each time all aXnVSZ f ^^^^^"^ 'D. and 

completed. authentication cycles for a system connection are 
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